
Finding Gozi: An Italian Malspam Infection
An accounts clerk at an Italian textile firm clicked an overdue-invoice link, downloaded a ZIP, and opened an Internet shortcut that reached out over SMB to pull a second-stage loader. PowerShell and rundll32 ran the Gozi banking trojan, and the workstation began beaconing to a rotating list of bare IP-literal hosts over plain HTTP. Trace the chain from a link-based lure through an SMB stage-2 fetch to the single command-and-control endpoint the trojan settled on, where it also shipped the stolen data.
Launches today
Friday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
What you'll investigate
6 objectives unlock when this operation goes live.